US20090077652A1 - Contents Execution Device Equipped With Independent Authentication Means And Contents Re-Distribution Method - Google Patents

Contents Execution Device Equipped With Independent Authentication Means And Contents Re-Distribution Method Download PDF

Info

Publication number
US20090077652A1
US20090077652A1 US11/722,215 US72221506A US2009077652A1 US 20090077652 A1 US20090077652 A1 US 20090077652A1 US 72221506 A US72221506 A US 72221506A US 2009077652 A1 US2009077652 A1 US 2009077652A1
Authority
US
United States
Prior art keywords
content
tool
server
target device
smart card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/722,215
Other versions
US8151342B2 (en
Inventor
Bum Suk Choi
Sang Hyun Joo
Hye Joo Lee
Jin Soo Choi
Jin Woo Hong
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics and Telecommunications Research Institute ETRI filed Critical Electronics and Telecommunications Research Institute ETRI
Priority claimed from PCT/KR2006/000308 external-priority patent/WO2006080814A1/en
Assigned to ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE reassignment ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HONG, JIN WOO, CHOI, BUM SUK, CHOI, JIN SOO, JOO, SANG HYUN, LEE, HYE JOO
Publication of US20090077652A1 publication Critical patent/US20090077652A1/en
Application granted granted Critical
Publication of US8151342B2 publication Critical patent/US8151342B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47End-user applications
    • H04N21/478Supplemental services, e.g. displaying phone caller identification, shopping application
    • H04N21/4788Supplemental services, e.g. displaying phone caller identification, shopping application communicating with other users, e.g. chatting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/637Control signals issued by the client directed to the server or network components
    • H04N21/6377Control signals issued by the client directed to the server or network components directed to server
    • H04N21/63775Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/81Monomedia components thereof
    • H04N21/8166Monomedia components thereof involving executable data, e.g. software
    • H04N21/8193Monomedia components thereof involving executable data, e.g. software dedicated tools, e.g. video decoder software or IPMP tool
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8355Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates to a content providing service method used in digital broadcasting and a content execution device for the same, and more particularly, to a digital content providing service method and a content execution device for the same which maximize user convenience and maintain a sufficient security level using a smart card.
  • Digital content is of excellent quality and quite convenient to manage compared to conventional analog content.
  • digital content can be copied an unlimited number of times, the danger and possible extent of infringement are great.
  • digital broadcasting it is well known that when easy-to-copy digital content is provided to many subscribers, wide scale copyright infringement results. Accordingly, as protection of digital content is rapidly regarded as being of great importance to the development of digital industries, various formats of digital rights management (DRM) have been developed.
  • DRM digital rights management
  • a conventional conditional access system cannot guarantee the security of broadcast content in emerging broadcasting business models. For example, it cannot guarantee protection of broadcast content from recording and re-distribution.
  • each of broadcasting station servers uses its own specific protection mechanism for a broadcasting service, and does not have a protection mechanism compatible with other broadcasting stations. Accordingly, if an end user intends to use a new channel service from other broadcasters, he/she has to change his/her own set-top-box (STB). This is very troublesome and costly to consumers of broadcast content.
  • STB set-top-box
  • a user lawfully receiving content may wish to use the received content in devices other than a multimedia device used to receive the content, or to re-distribute the received content to other users.
  • the conventional art does not permit such varied license distribution. This is a limitation to the user in using the content, and may be an obstacle to the spread of digital content broadcasting.
  • the present invention is directed to strengthening of security and/or enhancement of convenience in digital content distribution and management.
  • the present invention is also directed to a content execution device for conveniently performing an authority authentication procedure using a smart card.
  • the present invention is directed to a method of efficiently providing a broadcasting service using a smart card, in a broadcasting system having a structure where authentication and tool management roles are separated.
  • the present invention is directed to a method of efficiently providing broadcasting service using a smart card, in a broadcasting system where a broadcasting content consumer region is specified as a home domain.
  • the present invention is directed to a method of transmitting lawfully acquired content to other users or devices.
  • One aspect of the present invention provides a content execution device including: an independent authentication unit for storing a tool necessary for executing content; a tool agent for calling the tool stored in the independent authentication unit; and a content execution unit for executing content data received from an external broadcasting server.
  • Another aspect of the present invention provides a content broadcasting service subscription method performed in a content execution device (also, called a user device to emphasize belonging to a broadcasting service user side) and a broadcasting server broadcasting content data, the method including the steps of: in the user device, requesting a broadcasting station server for a new subscription; transmitting information of a user smart card connected to the user device, to the broadcasting station server; in the broadcasting station server, checking the received smart card information; registering the new subscription and the smart card with the broadcasting station server; in the broadcasting station server, transmitting a certificate to the smart card; and in the smart card, storing the certificate in an internal memory.
  • Yet another aspect of the present invention provides a content execution method performed in a content execution device, the method including the steps of: receiving content from a broadcasting station server; determining a tool necessary for executing the received content; determining whether or not the necessary tool exists in a smart card; connecting to a tool server, and requesting the tool when it does not exist in the smart card; receiving the tool from the broadcasting station server; storing the received tool in the smart card; and executing the content using the tool stored in the smart card.
  • Yet another aspect of the present invention provides a method for re-distributing content from a content execution device (source device) and to a content execution device (target device), the method including the steps of: checking whether or not re-distribution of the content is permitted; transmitting the content, use tool information, and a point of the broadcasting station server to the target device; in the target device, connecting to the broadcasting station server and requesting permission to execute the content; and receiving the execution permission, and playing the content.
  • Yet another aspect of the present invention provides a method for re-distributing content performed in a source device and a target device, the method including the steps of: checking whether or not re-distribution of the content is permitted; receiving authentication of the target device from an external broadcasting server; transmitting the content, use tool information, and play permission information to the target device; and in the target device, playing the content.
  • Yet another aspect of the present invention provides a method for re-distributing content from a source device to a target device performed in the source device, the method including the steps of: checking whether or not re-distribution of the content is permitted; receiving authentication of the target device in an external tool server; and transmitting the content, use tool information, and a pointer of a broadcasting station server holding rights to the content, to the target device.
  • Yet another aspect of the present invention provides a method for re-distributing content from a source device to a target device performed in the target device, the method including the steps of: receiving the content, use tool information, and a pointer of the broadcasting station server from the source device; connecting to a broadcasting sever holding rights to the content, and requesting permission to execute the content; and receiving execution permission, and playing the content.
  • Yet another aspect of the present invention provides a method for conversional re-distributing content from a content execution device (source device) to a portable device (target device), the method including the steps of: checking whether or not conversional re-distribution of the content stored in the source device is permitted; requesting a tool server for transmission of a portable device tool (hereinafter, referred to as “portable tool”), and downloading the portable tool; requesting a broadcasting station server for permission to re-transmit the content to the target device, and receiving the permission; transmitting content, portable tool, and the re-transmission permission to a portable device; and in the target device, playing the content using the portable tool, and the re-transmission permission.
  • source device content execution device
  • target device portable device
  • Yet another aspect of the present invention provides a method for conversional re-distributing content from a source device to an external target device, the method including the steps of: checking whether or not conversional re-distribution of the content is permitted; requesting an external tool server for transmission of a portable tool, and downloading the portable tool; requesting a broadcasting station server holding rights to the content, for permission to convert and re-distribute the content, and receiving the permission; and transmitting content, a portable tool, and the permission to re-transmit the content to the target device.
  • a content execution device included in a content authority management system of the present invention employs the smart card for user authentication and/or content playing tool management. Accordingly, a user can freely execute his/her licensed content in different content execution devices by conveniently removing and reinserting the smart card, without separate measures.
  • a user can effectively use content from different broadcasters.
  • broadcasting non-subscribers also can execute broadcast content within a limited range, thereby fostering widespread, lawful use of broadcast content.
  • content protected by a copyright protection device can be executed in different multimedia devices such as a PDA, as well as a content broadcasting receiver, thereby fostering widespread, lawful use of broadcast content.
  • FIG. 1 illustrates a structure of a content broadcasting system capable of employing a content execution device according to the present invention
  • FIG. 2 is a block diagram illustrating a structure of a content execution device according to an embodiment of the present invention
  • FIG. 3 is a block diagram illustrating a structure of a tool pack, which can be applied to a content execution device according to the present invention
  • FIG. 4 is a block diagram illustrating a content providing service method according to an embodiment of the present invention.
  • FIG. 5 is a block diagram illustrating a content service providing method according to another embodiment of the present invention.
  • FIG. 6 is a block diagram illustrating a content service providing method according to a further embodiment of the present invention.
  • FIG. 7 is a block diagram illustrating a content re-distribution method according to an embodiment of the present invention.
  • FIG. 8 is a block diagram illustrating a content re-distribution method according to another embodiment of the present invention.
  • FIG. 9 is a block diagram illustrating a content re-distribution method according to a further embodiment of the present invention.
  • a home domain system of the present invention can be used together with various types of digital content protection/management system.
  • the present invention does not relate to a digital content protection/management system, the present invention will be described with reference to a specific digital content protection/management system.
  • the broadcast content protection/management system of FIG. 1 includes a producer server of a content provider; a transmission server 300 - 1 for transmitting content received from the producer server to respective service subscribers; a clearing house 300 - 2 for authenticating the respective subscribers and/or content; and a tool server 400 for managing tools for encrypting/decrypting content data.
  • the producer server which is a server for authoring information for protecting/managing broadcasting content, takes charge of transmitting content information (protection stream) to be protected/managed to the transmission server 300 - 1 in association with the tool server 400 .
  • the producer server registers content to be broadcasted with the clearing house 300 - 2 , and receives information (e.g. a content ID, a clearing house public key, and a clearing house URL) necessary for distribution.
  • the producer server determines a tool to be applied to the content, and receives tool information (a tool ID and a tool descriptor).
  • the producer server can also register a new tool and a tool descriptor with the tool server 400 and be allotted a new tool ID.
  • the producer server can be operated as CP or SP.
  • the transmission server 300 - 1 serves to receive the protection stream from the producer server, and transmit the received protection stream to a domain controller (content execution device 100 ) of the service subscriber.
  • the protection stream can be converted to have a predetermined format, and transmitted.
  • the protection stream can be also converted by the tool registered with the tool server 400 .
  • format conversion is made without using the tool server 400
  • when the producer server prepares and transmits a syntax file of distribution, tool, and storage information to the transmission server 300 it can also transmit information on the tool to be applied in a separate syntax file in the transmission server 300 .
  • the tool server 400 for managing tools applied to the broadcast content, systematically manages encrypting/decrypting and/or scrambling/descrambling and/or watermarking/fingerprinting tools for the broadcast content.
  • the tool server 400 can include a server for registering the tool, and a server of tool management authority for distributing/managing the tool.
  • the tool server 400 is for downloading the tools stored in a smart card of this embodiment.
  • the clearing house 300 - 2 a kind of a server system, takes charge of a function of issuing a license including authority and conditions for controlling use and distribution of broadcast content, a function of billing/payment/settlement based on content use, and a function of user/device/content/domain authentication.
  • the clearing house 300 - 2 may be an integral authentication system of a broadcasting standard authority for integrally providing digital broadcasting, or may be an authentication system separately provided at each broadcasting station.
  • the clearing house 300 - 2 registers the smart card, and issues at least one of the necessary security key, key information, and certificate.
  • the producer server, the clearing house 300 - 2 , the transmission server 300 - 1 , and the tool server 400 belong to a broadcasting server domain that is a collection of authorities forming a broadcasting station, from a user's standpoint. From the standpoint of the content execution device 100 according to this embodiment, the transmission server 300 - 1 and the clearing house 300 - 2 of the broadcasting server domain, which are remotely connected to the content execution device 100 , are collectively called a broadcasting station server 300 , and the tool server 400 and the broadcasting station server 300 are collectively called a broadcasting sever.
  • the content protection/management system to which the present invention is applied can be used in association with the inventive home domain system having a plurality of content execution devices and/or a plurality of users included in one home domain.
  • content re-distribution between devices can be content re-distribution between different home domains
  • conversional re-distribution of the content can be content re-distribution between the same home domains.
  • an authentication data storage module of the clearing house 300 - 2 can have device and/or user information included on a home domain-by-home domain basis, and an authentication execution module can perform a registration procedure for the device and/or the user included on a home domain-by-home domain basis.
  • the content execution device of this embodiment can be used as a home domain controller of the home domain system having the plurality of content execution devices and/or the plurality of users included in one home domain.
  • the home domain refers to one home domain controller and groups of users and devices (SAV, PAV) belonging to the home domain controller.
  • One home domain controller defines one home domain, and each home domain includes a plurality of users and devices. It can be embodied that, like a set-top-box receiving digital broadcasting, the home domain controller combines one multimedia player by itself, and can also be embodied to take full charge of only home domain management. As such, the home domain controller performs an important role in defining each home domain and managing each user and/or device.
  • the content execution device of this embodiment is capable of easily and safely performing subscriber authentication using the smart card and has features suitable to its role as the home domain controller.
  • the content execution device of FIG. 2 is an exemplary embodiment where an independent authentication module is embodied as the smart card, and includes an authentication support module 110 for providing a user authentication channel between the connected smart card 200 and the external broadcasting station server 300 ; a tool agent 120 for calling the tools stored in the connected smart card 200 ; and a content execution unit 130 for executing content data received from the external broadcasting station server 300 .
  • the authentication smart card 200 connected to the content execution device 100 of this embodiment is comprised of a smart chip having an embedded central processing unit (CPU) and a storage memory (EEPROM). And, in terms of constituent elements of the present invention, the authentication smart card 200 includes a tool storage unit 210 for storing tools necessary for playing the content; an authority storage unit 230 for storing authority information on an external broadcasting server; and an authentication module 220 for performing mutual authentication for the external broadcasting server.
  • a tool storage unit 210 for storing tools necessary for playing the content
  • an authority storage unit 230 for storing authority information on an external broadcasting server
  • an authentication module 220 for performing mutual authentication for the external broadcasting server.
  • the smart card 200 can also be embodied as an RF card employing an RF wireless communication method, but is preferably embodied using a contact type card employing a contact pad communication method in order to secure stable connection with the content execution device 100 .
  • the authentication support module 110 can include a contact type terminal for contacting the contact type smart card, and a smart card interface module for converting data to or from a serial communication format for the smart card.
  • the content execution unit 130 and the tool agent 120 can be concretely embodied by an arithmetic unit such as a CPU included in the content execution device, a program executed by the arithmetic unit, and an arithmetic memory such as a RAM for loading the program.
  • the content execution unit 130 has a similar structure and operation as a general multimedia execution device. However, in the case where a specific tool stored in the smart card 200 is required to play the content, the content execution unit 130 can call the tool agent 120 .
  • the tool agent 120 serves to load the tool necessary for executing content data, from the tool storage unit 210 of the smart card 200 , and execute the loaded tool.
  • the content execution device 100 of this embodiment can further include a broadcast receiving stage 140 for connecting to the external broadcasting station server 300 using a remote communication channel such as the Internet, and performing necessary data communication.
  • a broadcast receiving stage 140 for connecting to the external broadcasting station server 300 using a remote communication channel such as the Internet, and performing necessary data communication.
  • the tool storage unit 210 and the authority storage unit 230 can be embodied by an EEPROM embedded in one chip inside the smart card, and the authentication module 220 can be embodied by a CPU core embedded in one chip inside the smart card and a corresponding program.
  • the smart card can further include a serial communication interface capable of performing serial data communication with the outside (content execution device in this embodiment) through a contact pad.
  • the tool storage unit 210 is for storing tools that are usually distributed only to users permitted by the broadcasting station.
  • the authority storage unit 230 stores identification information of users (to be precise, smart card users) who subscribe to the broadcasting station, and information (e.g. key information, and certificate) necessary for connection (or authentication).
  • a subscriber registered with the broadcasting station and having an issued smart card can execute broadcast content, as long the subscriber has his/her own smart card, according to his/her subscription authority, in any content execution device (however, smart card insertion should be possible) without separate management.
  • the authentication module 220 can hold a security key (a symmetric key method or an asymmetric key method) corresponding to a security key of the external broadcasting server, and its own authenticity can be confirmed through mutual authentication with the broadcasting server.
  • Mutual authentication refers to a smart card authentication method including authentication of the broadcasting server by the smart card, using a feature of the smart card having a self-arithmetic function. Mutual authentication is a technology widely used in the smart card industry.
  • the tool agent 120 is more useful in an embodiment employing a content playing software package means of a tool pack structure of FIG. 3 .
  • the tool pack structure is a software and data package, and is constituted of a tool group including bibliographic information of the tool pack; a tool agent that is original data before being loaded as the tool agent of FIG. 2 ; and tool group possessing at least one tool program activated by the tool agent and processing content data by a predetermined rule.
  • Each type of content data providing service such as public broadcasting or Internet broadcasting has its own separate tool pack.
  • the tool pack structure may further include a tool pack signature value for guaranteeing its tool pack data packet authenticity (indicating that the data packets were created by an authorized person without forgery or alteration).
  • the tool pack information can include a tool server URL indicating a position of the tool server shown in FIG. 1 .
  • the tool agent make public its specifications such as a call interface and/or a parameter and a return variable, for the convenience of manufacturers of external devices or application programs handling content data encoded by the tool pack. It is desirable that, when the tool pack agent intends to execute the content data needing the tool pack, the content data is previously loaded into the tool agent.
  • the tool program is for a separate encoding/decoding process. While processing a task that has to be performed, the activated tool agent can call one or more tool programs and authorize the called tool programs to perform the necessary encoding/decoding process.
  • the tool agent is called by the external device or the application program handling the encoded content data, related manufacturers recognize specifications such as the call interface and/or the parameter, and the return variable for the tool agent.
  • the tool program is called only by the tool agent, in the case where a specification such as a call interface and/or a parameter as well as a return variable for the tool program are protected in private, security of content data conversion can be strengthened without inconveniencing manufacturers of external devices and application programs.
  • the plurality of tool programs included in the tool pack may include all private tool programs and all public tool programs used by the tool agent, or may not include a part of the public tool programs.
  • tool pack data storage efficiency can be improved, though the latter alternative provides somewhat weaker security than the former.
  • the latter alternative should include a common tool pack structure that is a collection of one or more tool programs whose execution specifications, such as the call interface and/or the parameter, and the return variable, are open to the public.
  • Broadcasters “A” and “B” use their own protection tools to protect their paid channel services.
  • the respective broadcasters transmit their tool information and tool initialization information together with content.
  • the broadcasters “A” and “B” transmit their protection tools to a tool server of a tool registration authority (TRA).
  • the tool server registers, manages, and transmits a new tool to an end user (device).
  • a user “C” receives the paid channel service from the current broadcaster “A”. Further, the user “C” desires to subscribe to a new paid channel service from the broadcaster “B”.
  • a method for subscribing to a new broadcaster's content providing service applied in this scenario includes the steps of, in the user device 100 , requesting the new subscription from a broadcasting station server 300 of the new broadcaster (S 110 ) and transmitting user information to the broadcasting station server 300 (S 124 ); in the broadcasting station server 300 , confirming the received user information (S 126 ), and registering the user's smart card 200 (S 132 , S 134 ); in the broadcasting station server 300 , generating key information (S 136 ) and transmitting the generated key information to the smart card 200 (S 140 ); and in the smart card 200 , storing the key information in its internal memory (S 150 ).
  • the structure shown is embodied using the key information as a certificate stored in the smart card.
  • the key information is used for generating a descrambling key in the smart card 200 .
  • the structure may be more complex, and may use a certificate having a format defined in a separate public authentication authority.
  • the user “C” completes subscription to the new broadcasting service “B”.
  • a subscription certificate of the broadcasting service “A” and a subscription certificate of the broadcasting service “B” are stored in the smart card of the user “C” thereby completing the subscription.
  • the user “C” completing the subscription connects the smart card having the embedded subscription certificate to any device (e.g. set-top-box), he/she can receive broadcast content from a broadcasting server of the broadcaster “B”.
  • the user “C” device receiving the content data requires tools for inversely processing (decoding) the received content data.
  • the user “C” does not have the tools for the content data received form the broadcaster “B”. As shown in FIG.
  • a method for acquiring the tools of the broadcaster “B” includes steps of, in the user device 100 connected with the smart card 200 , connecting to the tool server 400 and requesting a tool for a specific broadcast (S 160 ); in the tool server 400 , verifying the smart card 200 (S 170 ); in the tool server 400 , transmitting the tool for the broadcast to the user device 100 (S 180 ); and storing the received tool in the smart card 200 (S 190 ).
  • the broadcasting station server 300 requested to transmit the broadcast content by the user device 100 transmits the tool information including a tool version to the user device 100 together with the content.
  • the tool information may further include a seed number for watermark extraction or a key value for decrypting the encrypted content data.
  • the user device 100 receiving the content data confirms whether or not there are the tools corresponding to the tool information received together with the content in its memory or smart card 200 . If there are not suitable tools, the above tool downloading process is performed, and if there are the suitable tools, the content is executed (played) using the suitable tool.
  • a broadcasting station “A” uses its own protection tool to protect its paid channel service.
  • the broadcasting station “A” has decided to employ a new tool to protect its new service or upgrade a given tool.
  • a user “C” receives the paid channel service from the broadcasting station “A”.
  • a content execution device (including smart card) of the user “C” has only an earlier version protection tool and therefore is required to replace it with the new version tool in order to continuously receive the service of the broadcasting station “A” in the future.
  • the upgrade-decided (or newly employed) tool is registered with the tool server and, when broadcast content is provided, the tool information including a tool version value is transmitted together with the content.
  • Methods for the user device to store the upgraded tool in its smart card include a method of connecting to the tool server and receiving the tool, a method of receiving the tool from the broadcasting station server, and a method of connecting to a place indicated by a tool link received together with the broadcast content, and receiving the tool.
  • the user device connects to a broadcasting station server positioned at a remote place and downloads the tool, operations performed are almost the same. Therefore, only downloading from the tool server will be described in detail below.
  • the tool or the tool link can be broadcast together with the content.
  • the broadcasting station “A” decides to employ the new tool for its own permanent broadcasting service, first, it registers the new tool with the tool server. After that, processes of FIG. 6 are performed.
  • the broadcasting station “A” broadcasts the new tool and related information together with the broadcast content for the logged-in (S 210 ) user device 100 (S 220 ).
  • the user device 100 with the smart card 200 receiving the content performs a tool transmission request procedure.
  • the tool transmission request procedure includes steps of determining a tool necessary for executing the received content (S 230 ); determining whether or not the necessary tool is in the smart card 200 (S 240 ); and connecting to the tool server 400 and requesting a tool not in the smart card 200 (S 260 ).
  • the tool server 400 receiving the tool transmission request performs a procedure of tool transmission.
  • the tool transmission procedure includes steps of verifying the smart card 200 (S 270 ); and transmitting the tool for the broadcast content to the user device 100 (S 280 ). After that, the user device 100 stores the received tool in the smart card 200 (S 290 ), and executes the content using the newly introduced tool.
  • a broadcasting station “A” allows the end users to transmit specific content (all or some) to another device (set-top-box) of a different domain.
  • the broadcasting station “A” and a broadcasting station “B” use their own protection tools for content protection. It is assumed that the broadcasting stations “A” and “B” register their own protection tools with the tool server.
  • a user “C” subscribes to the broadcasting station “A” and a user “D” subscribes to the broadcasting station “B”.
  • the user “C” desires to distribute the content of the broadcasting station “A” from his/her device (source device) to a device (target device) of a user “D”.
  • This scenario is different from a scenario described later in that content distribution is performed from a device registered as being of the user “C” to a device registered as being of the other user “D”.
  • the re-distribution permission checking step (S 310 ) is performed such that a controller of the source device 100 - 1 checks the bibliographic information of the content data stored in an internal storage memory and confirms whether or not it indicates that the content is re-distributable.
  • the bibliographic information is preferably encrypted.
  • the bibliographic information may not be encrypted.
  • a step of authenticating the target device 100 - 2 in the external broadcasting station server 300 may be further included. This is to realize a policy of permitting content re-distribution at least between users subscribing to the content broadcasting service of the present invention (that is, users subscribing to any one broadcasting station service).
  • the content execution devices used in the broadcasting system of the present invention preferably have inherent identification values such as a media access code (MAC).
  • MAC media access code
  • the content execution device can be identified using the inherent identification value (for example, a MAC value or an identification number allotted with application) of the smart card inserted into each content execution device. It is not desirable for the inherent identification values to be allotted to all of the content execution devices, because of a problem of compatibility with a conventional device and increase of a device manufacturing cost. It is desirable for the inherent identification values to be allotted to the smart cards so that devices are identified using the smart cards, because this makes application easy, cheap and convenient for users as well.
  • the inherent identification value for example, a MAC value or an identification number allotted with application
  • the tool server of a tool registration/management center not of the broadcasting station server 300 , to perform user confirmation.
  • Such an embodiment may be desirable because it easily allows the tool server to have information on all subscribers of all broadcasts provided according to the content broadcasting service according to the present invention.
  • the authenticating step of the target device 100 - 2 can include the steps of, in the source device 100 - 1 , transmitting the identification value of the target device 100 - 2 to the tool server; in the tool server, searching a DB for the received identification value and determining whether or not the device corresponding to the identification value holds re-distribution authority; and transmitting the determination result to the target device 100 - 1 .
  • the related information transmitted from the source device to the target device can be information on the tool used for playing the transmission content, and a pointer (URL, link) of the broadcasting station having rights to the content intended to be transmitted.
  • the related information may be transmitted together with a pointer of the tool server.
  • a step of, in the target device 100 - 2 acquiring a needed tool from the tool server (not shown) may be further included.
  • the tool acquiring step is omitted in cases where the target device 100 - 2 already has the tool, and where the necessary tool is transmitted together in the transmitting step of the content/related information.
  • the target device 100 - 2 requests the tool server to transmit the necessary tool and downloads the necessary tool.
  • the requested tool server may transmit the tool to the target device 100 - 2 with a limit on the number of times the tool can be used.
  • the step of requesting content execution permission is performed such that the target device 100 - 2 requests the broadcasting station server 300 of the broadcasting station holding rights to the content for permission to execute the re-distributed content, through wired/wireless communication means.
  • the broadcasting server 300 decides whether or not to issue permission from its own DB in consideration of information on a number of times the content has been re-distributed and a re-distribution limit and, upon decision to grant permission, prepares and transmits the permission with a specified range to the target device 100 - 2 (S 335 ).
  • the target device 100 - 2 plays the re-distributed content using the received permission.
  • the permission may be a software module having an electronic file format and may be unconditionally required for execution of the re-distributed content.
  • the method of re-distributing content stored in a user “C” device (source device), applied to the scenario includes steps of checking whether or not the content intended to be re-distributed are permitted for re-distribution (S 410 ); receiving authentication of the target device 100 - 2 from the external tool server 400 (S 420 ); transmitting the content, use tool information and play permission information to the target device 100 - 2 (S 430 ); and playing the content in the target device 100 - 2 (S 440 ).
  • the step of checking re-distribution permission can be performed such that a controller of the source device 100 - 1 checks the bibliographic information of the content data stored in an internal storage memory, and confirms whether or not it indicates that the content is re-distributable.
  • the bibliographic information is preferably encrypted.
  • the bibliographic information may not be encrypted.
  • the step of receiving authentication of the target device (S 420 ) is included to realize a policy of permitting content re-distribution at least between users (that is, users subscribing to any one broadcasting station service) of the content broadcasting service of the present invention.
  • the content execution devices used in the broadcasting system of the present invention preferably have inherent identification values such as a media access code (MAC).
  • the content execution device can be identified using the inherent identification value (for example, a MAC value or an identification number allotted with chip application) of the smart card inserted into each content execution device.
  • the step of receiving authentication of the target device can include steps of in the source device 100 - 1 , transmitting the identification value of the target device 100 - 2 to the tool server 400 and requesting authentication (S 422 ); authenticating the target device 100 - 2 (S 424 ); and transmitting the determination result to the source device 100 - 1 .
  • the identification value of the target device may be searched for within the DB to perform offline authentication for determining whether or not the device having the identification value holds the authority for re-distribution, or connection with the broadcasting server (not shown) may be made to directly perform online authentication.
  • some of the related information transmitted from the source device 100 - 1 to the target device 100 - 2 is information on the tool used for playing the transmission content.
  • the target device 100 - 2 may check whether or not it has the tool corresponding to the tool information, and if it doesn't, it may notify the source device 100 - 1 and receive the tool from the source device 100 - 1 .
  • the target device 100 - 2 plays the received content using the necessary tool. Also in this step, in some embodiments, the target device 100 - 2 may play the re-distributed content using the received permission.
  • a broadcasting station “A” allows a user to play specific content (all or some) in its own portable device.
  • the broadcasting station registers a tool for playing the portable-device with the tool server.
  • the portable device generally has low performance in playing the broadcast content. Accordingly, the content requires conversion to a suitable resolution depending on specifications of the portable device. This constitutes conversion of content of literary work.
  • a user “C” stores the broadcast content in the source device, and intends to play it in its own portable device (target device).
  • a method of re-distributing the content stored in the device of the user “C”, applied to this scenario, includes steps of: checking whether or not the content stored in the source device 100 - 1 are permitted for conversional re-distribution (S 510 ); requesting the external tool server 400 to transmit a tool for the portable device (hereinafter, referred to as “portable tool”), and downloading the portable device tool (S 520 ); requesting the broadcasting station server 300 for permission to perform altered retransmission to the target device 100 - 3 , and receiving the permission (S 530 ); transmitting the content, the portable tool, and the retransmission permission to the target device (S 540 ); and in the target device ( 100 - 3 ), playing the content using the portable tool and the re-transmission permission (S 550 ).
  • the step of checking for conversional re-distribution permission can be performed such that a controller of the source device 100 - 1 checks the bibliographic information of the content data stored in an internal storage memory and confirms whether or not it indicates that the content is alter-and-re-distributable.
  • the bibliographic information is preferably encrypted.
  • a step of confirming whether or not the target device 100 - 3 is a member of the same domain to which the source device 100 - 1 belongs can be further included.
  • the purpose of this step is to apply a policy for permitting conversional re-distribution of content only between devices of the same user or devices belonging to any one of the service domains (e.g. a home domain).
  • a list of devices (including portable devices) having the relationship may be registered with the broadcasting station server 300 or the tool server 400 , and even with a user's main device (identified by the smart card and serving primarily to receive content from the broadcasting station server).
  • the step of downloading the portable tool (S 520 ) is performed in the source device 100 - 1 . This is because the source device 100 - 1 is easy to connect to the tool server 400 by means such as the Internet, whereas the target device 100 - 3 is mostly used in an offline state.
  • the step of requesting and receiving conversional re-distribution permission can include steps of, in the broadcasting server 300 , searching the DB for the re-distribution policy and the user authority for the content, and determining whether or not portable transmission is permitted; upon decision regarding portable transmission permission, preparing portable transmission permission; and transmitting the prepared permission to the source device 100 - 1 .
  • the source device 100 - 1 transmits the content, the portable tool, and the portable permission to the target device 100 - 3 through a wired/wireless communication means (generally, a cable).
  • a wired/wireless communication means generally, a cable.
  • the target device 100 - 3 executes the received content using the portable tool and the portable permission.
  • the initially provided content in the source device 100 - 1 may be converted into portable content in the broadcasting station server or the target device 100 - 3 . If the content is converted in the source device 100 - 1 , less communication is required. In this case, the content transmitted from the source device 100 - 1 to the target device 100 - 3 is portable converted (that is, downsized) content data and the source device receives a downsizing tool from the broadcasting station server 300 or the tool server 400 and converts the content.

Abstract

The present invention particularly relates to a digital content providing service method and a content execution device for the same, for maximizing user convenience and maintaining a sufficient level of security using a smart card. The inventive content execution device includes an independent authentication unit for storing a tool necessary for executing content; an authentication support module for providing a data communication channel between the smart card and an external broadcasting server; a tool agent for calling the tool stored in the independent authentication unit; and a content execution unit for executing content data received from the external broadcasting server. The content execution device included in a content authority management system of the present invention employs the smart card for user authentication and/or content playing tool management. Accordingly, a user can freely executing his/her licensed content in different content execution devices by conveniently removing and reinserting the smart card, without separate measures. Moreover, according to the present invention, a user can effectively use content from different broadcasters.

Description

    TECHNICAL FIELD
  • The present invention relates to a content providing service method used in digital broadcasting and a content execution device for the same, and more particularly, to a digital content providing service method and a content execution device for the same which maximize user convenience and maintain a sufficient security level using a smart card.
    • BACKGROUND ART
  • Digital content is of excellent quality and quite convenient to manage compared to conventional analog content. However, since digital content can be copied an unlimited number of times, the danger and possible extent of infringement are great. In particular, in digital broadcasting, it is well known that when easy-to-copy digital content is provided to many subscribers, wide scale copyright infringement results. Accordingly, as protection of digital content is rapidly regarded as being of great importance to the development of digital industries, various formats of digital rights management (DRM) have been developed.
  • As broadcasting service is digitalized, a slightly improved protection mechanism is required. A conventional conditional access system (CAS) cannot guarantee the security of broadcast content in emerging broadcasting business models. For example, it cannot guarantee protection of broadcast content from recording and re-distribution.
  • In a conventional broadcasting system, each of broadcasting station servers (broadcasters) uses its own specific protection mechanism for a broadcasting service, and does not have a protection mechanism compatible with other broadcasting stations. Accordingly, if an end user intends to use a new channel service from other broadcasters, he/she has to change his/her own set-top-box (STB). This is very troublesome and costly to consumers of broadcast content.
  • Further, in the case where the user replaces his/her set-top-box with another one, he/she should reregister the new set-top-box with each broadcasting station. This results in great inconvenience to the user.
  • In the meantime, a user lawfully receiving content may wish to use the received content in devices other than a multimedia device used to receive the content, or to re-distribute the received content to other users. However, the conventional art does not permit such varied license distribution. This is a limitation to the user in using the content, and may be an obstacle to the spread of digital content broadcasting.
    • DISCLOSURE Technical Problem
  • The present invention is directed to strengthening of security and/or enhancement of convenience in digital content distribution and management.
  • The present invention is also directed to a content execution device for conveniently performing an authority authentication procedure using a smart card.
  • Further, the present invention is directed to a method of efficiently providing a broadcasting service using a smart card, in a broadcasting system having a structure where authentication and tool management roles are separated.
  • Furthermore, the present invention is directed to a method of efficiently providing broadcasting service using a smart card, in a broadcasting system where a broadcasting content consumer region is specified as a home domain.
  • Furthermore, the present invention is directed to a method of transmitting lawfully acquired content to other users or devices.
    • Technical Solution
  • One aspect of the present invention provides a content execution device including: an independent authentication unit for storing a tool necessary for executing content; a tool agent for calling the tool stored in the independent authentication unit; and a content execution unit for executing content data received from an external broadcasting server.
  • Another aspect of the present invention provides a content broadcasting service subscription method performed in a content execution device (also, called a user device to emphasize belonging to a broadcasting service user side) and a broadcasting server broadcasting content data, the method including the steps of: in the user device, requesting a broadcasting station server for a new subscription; transmitting information of a user smart card connected to the user device, to the broadcasting station server; in the broadcasting station server, checking the received smart card information; registering the new subscription and the smart card with the broadcasting station server; in the broadcasting station server, transmitting a certificate to the smart card; and in the smart card, storing the certificate in an internal memory.
  • Yet another aspect of the present invention provides a content execution method performed in a content execution device, the method including the steps of: receiving content from a broadcasting station server; determining a tool necessary for executing the received content; determining whether or not the necessary tool exists in a smart card; connecting to a tool server, and requesting the tool when it does not exist in the smart card; receiving the tool from the broadcasting station server; storing the received tool in the smart card; and executing the content using the tool stored in the smart card.
  • Yet another aspect of the present invention provides a method for re-distributing content from a content execution device (source device) and to a content execution device (target device), the method including the steps of: checking whether or not re-distribution of the content is permitted; transmitting the content, use tool information, and a point of the broadcasting station server to the target device; in the target device, connecting to the broadcasting station server and requesting permission to execute the content; and receiving the execution permission, and playing the content.
  • Yet another aspect of the present invention provides a method for re-distributing content performed in a source device and a target device, the method including the steps of: checking whether or not re-distribution of the content is permitted; receiving authentication of the target device from an external broadcasting server; transmitting the content, use tool information, and play permission information to the target device; and in the target device, playing the content.
  • Yet another aspect of the present invention provides a method for re-distributing content from a source device to a target device performed in the source device, the method including the steps of: checking whether or not re-distribution of the content is permitted; receiving authentication of the target device in an external tool server; and transmitting the content, use tool information, and a pointer of a broadcasting station server holding rights to the content, to the target device.
  • Yet another aspect of the present invention provides a method for re-distributing content from a source device to a target device performed in the target device, the method including the steps of: receiving the content, use tool information, and a pointer of the broadcasting station server from the source device; connecting to a broadcasting sever holding rights to the content, and requesting permission to execute the content; and receiving execution permission, and playing the content.
  • Yet another aspect of the present invention provides a method for conversional re-distributing content from a content execution device (source device) to a portable device (target device), the method including the steps of: checking whether or not conversional re-distribution of the content stored in the source device is permitted; requesting a tool server for transmission of a portable device tool (hereinafter, referred to as “portable tool”), and downloading the portable tool; requesting a broadcasting station server for permission to re-transmit the content to the target device, and receiving the permission; transmitting content, portable tool, and the re-transmission permission to a portable device; and in the target device, playing the content using the portable tool, and the re-transmission permission.
  • Yet another aspect of the present invention provides a method for conversional re-distributing content from a source device to an external target device, the method including the steps of: checking whether or not conversional re-distribution of the content is permitted; requesting an external tool server for transmission of a portable tool, and downloading the portable tool; requesting a broadcasting station server holding rights to the content, for permission to convert and re-distribute the content, and receiving the permission; and transmitting content, a portable tool, and the permission to re-transmit the content to the target device.
    • ADVANTAGEOUS EFFECTS
  • As described above, in the present invention, a content execution device included in a content authority management system of the present invention employs the smart card for user authentication and/or content playing tool management. Accordingly, a user can freely execute his/her licensed content in different content execution devices by conveniently removing and reinserting the smart card, without separate measures.
  • Moreover, according to the present invention, a user can effectively use content from different broadcasters.
  • Thanks to a content re-distribution method of the present invention, broadcasting non-subscribers also can execute broadcast content within a limited range, thereby fostering widespread, lawful use of broadcast content.
  • According to the content re-distribution method of the present invention, content protected by a copyright protection device can be executed in different multimedia devices such as a PDA, as well as a content broadcasting receiver, thereby fostering widespread, lawful use of broadcast content.
    • DESCRIPTION OF DRAWINGS
  • FIG. 1 illustrates a structure of a content broadcasting system capable of employing a content execution device according to the present invention;
  • FIG. 2 is a block diagram illustrating a structure of a content execution device according to an embodiment of the present invention;
  • FIG. 3 is a block diagram illustrating a structure of a tool pack, which can be applied to a content execution device according to the present invention;
  • FIG. 4 is a block diagram illustrating a content providing service method according to an embodiment of the present invention;
  • FIG. 5 is a block diagram illustrating a content service providing method according to another embodiment of the present invention;
  • FIG. 6 is a block diagram illustrating a content service providing method according to a further embodiment of the present invention;
  • FIG. 7 is a block diagram illustrating a content re-distribution method according to an embodiment of the present invention;
  • FIG. 8 is a block diagram illustrating a content re-distribution method according to another embodiment of the present invention; and
  • FIG. 9 is a block diagram illustrating a content re-distribution method according to a further embodiment of the present invention.
    •  DESCRIPTION OF MAJOR SYMBOLS IN THE ABOVE FIGURES
      • 100: Content execution device
      • 110: Authentication support module
      • 120: Tool agent
      • 130: Content execution unit
      • 140: Broadcast receiving stage
      • 200: Smart card
      • 210: Tool storage unit
      • 220: Authentication module
      • 230: Authority storage unit
      • 300: Broadcasting station server
      • 400: Tool server
    MODE FOR INVENTION
  • For clarity, a digital content protection/management system capable of employing the present invention will be described. A home domain system of the present invention can be used together with various types of digital content protection/management system. However, since the present invention does not relate to a digital content protection/management system, the present invention will be described with reference to a specific digital content protection/management system.
  • The broadcast content protection/management system of FIG. 1 includes a producer server of a content provider; a transmission server 300-1 for transmitting content received from the producer server to respective service subscribers; a clearing house 300-2 for authenticating the respective subscribers and/or content; and a tool server 400 for managing tools for encrypting/decrypting content data.
  • The producer server, which is a server for authoring information for protecting/managing broadcasting content, takes charge of transmitting content information (protection stream) to be protected/managed to the transmission server 300-1 in association with the tool server 400. In other words, the producer server registers content to be broadcasted with the clearing house 300-2, and receives information (e.g. a content ID, a clearing house public key, and a clearing house URL) necessary for distribution. Further, the producer server determines a tool to be applied to the content, and receives tool information (a tool ID and a tool descriptor). In a case where the tool server 400 does not have the tool to be applied, the producer server can also register a new tool and a tool descriptor with the tool server 400 and be allotted a new tool ID. Depending on DMP terminology, the producer server can be operated as CP or SP.
  • The transmission server 300-1 serves to receive the protection stream from the producer server, and transmit the received protection stream to a domain controller (content execution device 100) of the service subscriber. Depending on the embodiment, the protection stream can be converted to have a predetermined format, and transmitted. Depending on the format embodied, the protection stream can be also converted by the tool registered with the tool server 400. In an embodiment where format conversion is made without using the tool server 400, when the producer server prepares and transmits a syntax file of distribution, tool, and storage information to the transmission server 300, it can also transmit information on the tool to be applied in a separate syntax file in the transmission server 300.
  • The tool server 400, for managing tools applied to the broadcast content, systematically manages encrypting/decrypting and/or scrambling/descrambling and/or watermarking/fingerprinting tools for the broadcast content. The tool server 400 can include a server for registering the tool, and a server of tool management authority for distributing/managing the tool. The tool server 400 is for downloading the tools stored in a smart card of this embodiment.
  • The clearing house 300-2, a kind of a server system, takes charge of a function of issuing a license including authority and conditions for controlling use and distribution of broadcast content, a function of billing/payment/settlement based on content use, and a function of user/device/content/domain authentication. The clearing house 300-2 may be an integral authentication system of a broadcasting standard authority for integrally providing digital broadcasting, or may be an authentication system separately provided at each broadcasting station. The clearing house 300-2 registers the smart card, and issues at least one of the necessary security key, key information, and certificate.
  • The producer server, the clearing house 300-2, the transmission server 300-1, and the tool server 400 belong to a broadcasting server domain that is a collection of authorities forming a broadcasting station, from a user's standpoint. From the standpoint of the content execution device 100 according to this embodiment, the transmission server 300-1 and the clearing house 300-2 of the broadcasting server domain, which are remotely connected to the content execution device 100, are collectively called a broadcasting station server 300, and the tool server 400 and the broadcasting station server 300 are collectively called a broadcasting sever.
  • The content protection/management system to which the present invention is applied can be used in association with the inventive home domain system having a plurality of content execution devices and/or a plurality of users included in one home domain. In this case, content re-distribution between devices can be content re-distribution between different home domains, and conversional re-distribution of the content can be content re-distribution between the same home domains.
  • For this, an authentication data storage module of the clearing house 300-2 can have device and/or user information included on a home domain-by-home domain basis, and an authentication execution module can perform a registration procedure for the device and/or the user included on a home domain-by-home domain basis.
  • In this case, the content execution device of this embodiment can be used as a home domain controller of the home domain system having the plurality of content execution devices and/or the plurality of users included in one home domain. The home domain refers to one home domain controller and groups of users and devices (SAV, PAV) belonging to the home domain controller. One home domain controller defines one home domain, and each home domain includes a plurality of users and devices. It can be embodied that, like a set-top-box receiving digital broadcasting, the home domain controller combines one multimedia player by itself, and can also be embodied to take full charge of only home domain management. As such, the home domain controller performs an important role in defining each home domain and managing each user and/or device. The content execution device of this embodiment is capable of easily and safely performing subscriber authentication using the smart card and has features suitable to its role as the home domain controller.
  • Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. This embodiment is provided only for example and not intended to limit the scope of the present invention.
  • The content execution device of FIG. 2 is an exemplary embodiment where an independent authentication module is embodied as the smart card, and includes an authentication support module 110 for providing a user authentication channel between the connected smart card 200 and the external broadcasting station server 300; a tool agent 120 for calling the tools stored in the connected smart card 200; and a content execution unit 130 for executing content data received from the external broadcasting station server 300.
  • The authentication smart card 200 connected to the content execution device 100 of this embodiment is comprised of a smart chip having an embedded central processing unit (CPU) and a storage memory (EEPROM). And, in terms of constituent elements of the present invention, the authentication smart card 200 includes a tool storage unit 210 for storing tools necessary for playing the content; an authority storage unit 230 for storing authority information on an external broadcasting server; and an authentication module 220 for performing mutual authentication for the external broadcasting server.
  • The smart card 200 can also be embodied as an RF card employing an RF wireless communication method, but is preferably embodied using a contact type card employing a contact pad communication method in order to secure stable connection with the content execution device 100.
  • The authentication support module 110 can include a contact type terminal for contacting the contact type smart card, and a smart card interface module for converting data to or from a serial communication format for the smart card.
  • The content execution unit 130 and the tool agent 120 can be concretely embodied by an arithmetic unit such as a CPU included in the content execution device, a program executed by the arithmetic unit, and an arithmetic memory such as a RAM for loading the program. The content execution unit 130 has a similar structure and operation as a general multimedia execution device. However, in the case where a specific tool stored in the smart card 200 is required to play the content, the content execution unit 130 can call the tool agent 120. The tool agent 120 serves to load the tool necessary for executing content data, from the tool storage unit 210 of the smart card 200, and execute the loaded tool.
  • The content execution device 100 of this embodiment can further include a broadcast receiving stage 140 for connecting to the external broadcasting station server 300 using a remote communication channel such as the Internet, and performing necessary data communication.
  • The tool storage unit 210 and the authority storage unit 230 can be embodied by an EEPROM embedded in one chip inside the smart card, and the authentication module 220 can be embodied by a CPU core embedded in one chip inside the smart card and a corresponding program. The smart card can further include a serial communication interface capable of performing serial data communication with the outside (content execution device in this embodiment) through a contact pad. The tool storage unit 210 is for storing tools that are usually distributed only to users permitted by the broadcasting station. The authority storage unit 230 stores identification information of users (to be precise, smart card users) who subscribe to the broadcasting station, and information (e.g. key information, and certificate) necessary for connection (or authentication). Accordingly, a subscriber registered with the broadcasting station and having an issued smart card can execute broadcast content, as long the subscriber has his/her own smart card, according to his/her subscription authority, in any content execution device (however, smart card insertion should be possible) without separate management. The authentication module 220 can hold a security key (a symmetric key method or an asymmetric key method) corresponding to a security key of the external broadcasting server, and its own authenticity can be confirmed through mutual authentication with the broadcasting server. Mutual authentication refers to a smart card authentication method including authentication of the broadcasting server by the smart card, using a feature of the smart card having a self-arithmetic function. Mutual authentication is a technology widely used in the smart card industry.
  • Meanwhile, the tool agent 120 is more useful in an embodiment employing a content playing software package means of a tool pack structure of FIG. 3.
  • One example of the tool pack structure is a software and data package, and is constituted of a tool group including bibliographic information of the tool pack; a tool agent that is original data before being loaded as the tool agent of FIG. 2; and tool group possessing at least one tool program activated by the tool agent and processing content data by a predetermined rule. Each type of content data providing service such as public broadcasting or Internet broadcasting has its own separate tool pack. In different embodiments, the tool pack structure may further include a tool pack signature value for guaranteeing its tool pack data packet authenticity (indicating that the data packets were created by an authorized person without forgery or alteration). The tool pack information can include a tool server URL indicating a position of the tool server shown in FIG. 1.
  • It is desirable for the tool agent make public its specifications such as a call interface and/or a parameter and a return variable, for the convenience of manufacturers of external devices or application programs handling content data encoded by the tool pack. It is desirable that, when the tool pack agent intends to execute the content data needing the tool pack, the content data is previously loaded into the tool agent.
  • The tool program is for a separate encoding/decoding process. While processing a task that has to be performed, the activated tool agent can call one or more tool programs and authorize the called tool programs to perform the necessary encoding/decoding process. However, it is desirable that, since the tool agent is called by the external device or the application program handling the encoded content data, related manufacturers recognize specifications such as the call interface and/or the parameter, and the return variable for the tool agent. But, since the tool program is called only by the tool agent, in the case where a specification such as a call interface and/or a parameter as well as a return variable for the tool program are protected in private, security of content data conversion can be strengthened without inconveniencing manufacturers of external devices and application programs.
  • Meanwhile, the plurality of tool programs included in the tool pack may include all private tool programs and all public tool programs used by the tool agent, or may not include a part of the public tool programs. When most frequently used public tool programs in the plurality of tool packs are separately stored, tool pack data storage efficiency can be improved, though the latter alternative provides somewhat weaker security than the former. For this purpose, the latter alternative should include a common tool pack structure that is a collection of one or more tool programs whose execution specifications, such as the call interface and/or the parameter, and the return variable, are open to the public.
  • Operation of a broadcasting service providing system according to this embodiment will be described with respect to several detailed scenarios.
  • Scenario I. Subscription to New Broadcasting Service
  • This scenario is as follows. Broadcasters “A” and “B” use their own protection tools to protect their paid channel services. The respective broadcasters transmit their tool information and tool initialization information together with content. The broadcasters “A” and “B” transmit their protection tools to a tool server of a tool registration authority (TRA). The tool server registers, manages, and transmits a new tool to an end user (device). A user “C” receives the paid channel service from the current broadcaster “A”. Further, the user “C” desires to subscribe to a new paid channel service from the broadcaster “B”.
  • As shown in FIG. 4, a method for subscribing to a new broadcaster's content providing service applied in this scenario includes the steps of, in the user device 100, requesting the new subscription from a broadcasting station server 300 of the new broadcaster (S110) and transmitting user information to the broadcasting station server 300 (S124); in the broadcasting station server 300, confirming the received user information (S126), and registering the user's smart card 200 (S132, S134); in the broadcasting station server 300, generating key information (S136) and transmitting the generated key information to the smart card 200 (S140); and in the smart card 200, storing the key information in its internal memory (S150).
  • The structure shown is embodied using the key information as a certificate stored in the smart card. The key information is used for generating a descrambling key in the smart card 200. In different embodiments, the structure may be more complex, and may use a certificate having a format defined in a separate public authentication authority.
  • Through the above procedure, the user “C” completes subscription to the new broadcasting service “B”. A subscription certificate of the broadcasting service “A” and a subscription certificate of the broadcasting service “B” are stored in the smart card of the user “C” thereby completing the subscription. As such, if the user “C” completing the subscription connects the smart card having the embedded subscription certificate to any device (e.g. set-top-box), he/she can receive broadcast content from a broadcasting server of the broadcaster “B”.
  • However, when the broadcasting server of the broadcaster “B” processes (encodes) and provides content data using its own tools, the user “C” device receiving the content data requires tools for inversely processing (decoding) the received content data. In a subscription-completed state, the user “C” does not have the tools for the content data received form the broadcaster “B”. As shown in FIG. 5, a method for acquiring the tools of the broadcaster “B” includes steps of, in the user device 100 connected with the smart card 200, connecting to the tool server 400 and requesting a tool for a specific broadcast (S160); in the tool server 400, verifying the smart card 200 (S170); in the tool server 400, transmitting the tool for the broadcast to the user device 100 (S180); and storing the received tool in the smart card 200 (S190).
  • The broadcasting station server 300 requested to transmit the broadcast content by the user device 100 transmits the tool information including a tool version to the user device 100 together with the content. In different embodiments, the tool information may further include a seed number for watermark extraction or a key value for decrypting the encrypted content data. The user device 100 receiving the content data confirms whether or not there are the tools corresponding to the tool information received together with the content in its memory or smart card 200. If there are not suitable tools, the above tool downloading process is performed, and if there are the suitable tools, the content is executed (played) using the suitable tool.
  • Scenario II. Upgrading of Protection Tool
  • This scenario is as follows. A broadcasting station “A” uses its own protection tool to protect its paid channel service. The broadcasting station “A” has decided to employ a new tool to protect its new service or upgrade a given tool. At present, a user “C” receives the paid channel service from the broadcasting station “A”. A content execution device (including smart card) of the user “C” has only an earlier version protection tool and therefore is required to replace it with the new version tool in order to continuously receive the service of the broadcasting station “A” in the future. In a broadcasting station server of the broadcasting station “A”, the upgrade-decided (or newly employed) tool is registered with the tool server and, when broadcast content is provided, the tool information including a tool version value is transmitted together with the content.
  • Methods for the user device to store the upgraded tool in its smart card include a method of connecting to the tool server and receiving the tool, a method of receiving the tool from the broadcasting station server, and a method of connecting to a place indicated by a tool link received together with the broadcast content, and receiving the tool. In all the above three cases where the user device connects to a broadcasting station server positioned at a remote place and downloads the tool, operations performed are almost the same. Therefore, only downloading from the tool server will be described in detail below. Alternatively, the tool or the tool link can be broadcast together with the content.
  • If the broadcasting station “A” decides to employ the new tool for its own permanent broadcasting service, first, it registers the new tool with the tool server. After that, processes of FIG. 6 are performed. The broadcasting station “A” broadcasts the new tool and related information together with the broadcast content for the logged-in (S210) user device 100 (S220). The user device 100 with the smart card 200 receiving the content performs a tool transmission request procedure. The tool transmission request procedure includes steps of determining a tool necessary for executing the received content (S230); determining whether or not the necessary tool is in the smart card 200 (S240); and connecting to the tool server 400 and requesting a tool not in the smart card 200 (S260).
  • The tool server 400 receiving the tool transmission request performs a procedure of tool transmission. The tool transmission procedure includes steps of verifying the smart card 200 (S270); and transmitting the tool for the broadcast content to the user device 100 (S280). After that, the user device 100 stores the received tool in the smart card 200 (S290), and executes the content using the newly introduced tool.
  • Scenario III. Transmission of Broadcast Content to Another STB
  • This scenario is as follows. A broadcasting station “A” allows the end users to transmit specific content (all or some) to another device (set-top-box) of a different domain. The broadcasting station “A” and a broadcasting station “B” use their own protection tools for content protection. It is assumed that the broadcasting stations “A” and “B” register their own protection tools with the tool server. A user “C” subscribes to the broadcasting station “A” and a user “D” subscribes to the broadcasting station “B”. The user “C” desires to distribute the content of the broadcasting station “A” from his/her device (source device) to a device (target device) of a user “D”. This scenario is different from a scenario described later in that content distribution is performed from a device registered as being of the user “C” to a device registered as being of the other user “D”.
  • As shown in FIG. 7, a re-distribution method of the content stored in the source device of the user “C”, which applies to this scenario, includes steps of checking whether or not the content intended to be re-distributed are permitted for re-distribution (S310); transmitting the content, use tool information, and a pointer of the broadcasting station to the target device (S320); in the target device, requesting the broadcasting station server for permission to execute the received content (S330); and receiving the execution permission (S335) and playing the content (S340).
  • The re-distribution permission checking step (S310) is performed such that a controller of the source device 100-1 checks the bibliographic information of the content data stored in an internal storage memory and confirms whether or not it indicates that the content is re-distributable. In order to prevent unlawful damage to the indication regarding permission, the bibliographic information is preferably encrypted. However, in the case where there is a procedure (e.g. S330 and S335 below) of checking with the broadcasting station whether or not re-distribution is again enabled in a subsequent process, the bibliographic information may not be encrypted.
  • In embodiments where re-distribution is more strictly regulated, after the re-distribution authority checking step (S310), a step of authenticating the target device 100-2 in the external broadcasting station server 300 may be further included. This is to realize a policy of permitting content re-distribution at least between users subscribing to the content broadcasting service of the present invention (that is, users subscribing to any one broadcasting station service). In order to more suitably apply this step, the content execution devices used in the broadcasting system of the present invention preferably have inherent identification values such as a media access code (MAC). In this embodiment, the content execution device can be identified using the inherent identification value (for example, a MAC value or an identification number allotted with application) of the smart card inserted into each content execution device. It is not desirable for the inherent identification values to be allotted to all of the content execution devices, because of a problem of compatibility with a conventional device and increase of a device manufacturing cost. It is desirable for the inherent identification values to be allotted to the smart cards so that devices are identified using the smart cards, because this makes application easy, cheap and convenient for users as well.
  • It is possible for the tool server of a tool registration/management center, not of the broadcasting station server 300, to perform user confirmation. Such an embodiment may be desirable because it easily allows the tool server to have information on all subscribers of all broadcasts provided according to the content broadcasting service according to the present invention.
  • The authenticating step of the target device 100-2 can include the steps of, in the source device 100-1, transmitting the identification value of the target device 100-2 to the tool server; in the tool server, searching a DB for the received identification value and determining whether or not the device corresponding to the identification value holds re-distribution authority; and transmitting the determination result to the target device 100-1.
  • In the step of transmitting the content/related information (S320), the related information transmitted from the source device to the target device can be information on the tool used for playing the transmission content, and a pointer (URL, link) of the broadcasting station having rights to the content intended to be transmitted. In the case where the related information is transmitted to a user who does not subscribe to a broadcasting copyright management system, it may be transmitted together with a pointer of the tool server.
  • In different embodiments, after the step of transmitting the content and related information (S320), a step of, in the target device 100-2, acquiring a needed tool from the tool server (not shown) may be further included. The tool acquiring step is omitted in cases where the target device 100-2 already has the tool, and where the necessary tool is transmitted together in the transmitting step of the content/related information. The target device 100-2 requests the tool server to transmit the necessary tool and downloads the necessary tool. In different embodiments, the requested tool server may transmit the tool to the target device 100-2 with a limit on the number of times the tool can be used.
  • The step of requesting content execution permission (S330) is performed such that the target device 100-2 requests the broadcasting station server 300 of the broadcasting station holding rights to the content for permission to execute the re-distributed content, through wired/wireless communication means. The broadcasting server 300 decides whether or not to issue permission from its own DB in consideration of information on a number of times the content has been re-distributed and a re-distribution limit and, upon decision to grant permission, prepares and transmits the permission with a specified range to the target device 100-2 (S335).
  • In the step of playing the content (S340), the target device 100-2 plays the re-distributed content using the received permission. The permission may be a software module having an electronic file format and may be unconditionally required for execution of the re-distributed content.
  • In another embodiment of a method of re-distributing content to another user's device (target device) with a structure of FIG. 8, the method of re-distributing content stored in a user “C” device (source device), applied to the scenario, includes steps of checking whether or not the content intended to be re-distributed are permitted for re-distribution (S410); receiving authentication of the target device 100-2 from the external tool server 400 (S420); transmitting the content, use tool information and play permission information to the target device 100-2 (S430); and playing the content in the target device 100-2 (S440).
  • The step of checking re-distribution permission (S410) can be performed such that a controller of the source device 100-1 checks the bibliographic information of the content data stored in an internal storage memory, and confirms whether or not it indicates that the content is re-distributable. In order to prevent unlawful damage to the indication regarding permission, the bibliographic information is preferably encrypted. However, in the case where there is a separate procedure of checking with the broadcasting station whether or not re-distribution is again possible in a subsequent process, the bibliographic information may not be encrypted.
  • The step of receiving authentication of the target device (S420) is included to realize a policy of permitting content re-distribution at least between users (that is, users subscribing to any one broadcasting station service) of the content broadcasting service of the present invention. In order to more suitably apply this step, the content execution devices used in the broadcasting system of the present invention preferably have inherent identification values such as a media access code (MAC). In this embodiment, the content execution device can be identified using the inherent identification value (for example, a MAC value or an identification number allotted with chip application) of the smart card inserted into each content execution device. It is not desirable for the inherent identification values to be allotted to all of the content execution devices, because of a problem of compatibility with a conventional device and increase of a device manufacturing cost. It is desirable for the inherent identification values to be allotted to the smart cards so that devices are identified using the smart cards, because this makes application easy, cheap and convenient for users as well.
  • The step of receiving authentication of the target device (S420) can include steps of in the source device 100-1, transmitting the identification value of the target device 100-2 to the tool server 400 and requesting authentication (S422); authenticating the target device 100-2 (S424); and transmitting the determination result to the source device 100-1.
  • In some embodiments, in the authenticating step (S424), the identification value of the target device may be searched for within the DB to perform offline authentication for determining whether or not the device having the identification value holds the authority for re-distribution, or connection with the broadcasting server (not shown) may be made to directly perform online authentication.
  • In the step of transmitting the content/related information (S430), some of the related information transmitted from the source device 100-1 to the target device 100-2 is information on the tool used for playing the transmission content. In some embodiments, the target device 100-2 may check whether or not it has the tool corresponding to the tool information, and if it doesn't, it may notify the source device 100-1 and receive the tool from the source device 100-1.
  • In the content playing step (S440), the target device 100-2 plays the received content using the necessary tool. Also in this step, in some embodiments, the target device 100-2 may play the re-distributed content using the received permission.
  • Scenario IV. Transmission of Broadcast Content to Other Multimedia Devices
  • This scenario is as follows. A broadcasting station “A” allows a user to play specific content (all or some) in its own portable device. The broadcasting station registers a tool for playing the portable-device with the tool server. The portable device generally has low performance in playing the broadcast content. Accordingly, the content requires conversion to a suitable resolution depending on specifications of the portable device. This constitutes conversion of content of literary work. A user “C” stores the broadcast content in the source device, and intends to play it in its own portable device (target device).
  • As shown in FIG. 9, a method of re-distributing the content stored in the device of the user “C”, applied to this scenario, includes steps of: checking whether or not the content stored in the source device 100-1 are permitted for conversional re-distribution (S510); requesting the external tool server 400 to transmit a tool for the portable device (hereinafter, referred to as “portable tool”), and downloading the portable device tool (S520); requesting the broadcasting station server 300 for permission to perform altered retransmission to the target device 100-3, and receiving the permission (S530); transmitting the content, the portable tool, and the retransmission permission to the target device (S540); and in the target device (100-3), playing the content using the portable tool and the re-transmission permission (S550).
  • The step of checking for conversional re-distribution permission (S510) can be performed such that a controller of the source device 100-1 checks the bibliographic information of the content data stored in an internal storage memory and confirms whether or not it indicates that the content is alter-and-re-distributable. In order to prevent unlawful damage to the indication regarding permission, the bibliographic information is preferably encrypted.
  • After the step of checking for conversional re-distribution permission (S510), a step of confirming whether or not the target device 100-3 is a member of the same domain to which the source device 100-1 belongs can be further included. The purpose of this step is to apply a policy for permitting conversional re-distribution of content only between devices of the same user or devices belonging to any one of the service domains (e.g. a home domain). Here, in some embodiments, a list of devices (including portable devices) having the relationship may be registered with the broadcasting station server 300 or the tool server 400, and even with a user's main device (identified by the smart card and serving primarily to receive content from the broadcasting station server).
  • The step of downloading the portable tool (S520) is performed in the source device 100-1. This is because the source device 100-1 is easy to connect to the tool server 400 by means such as the Internet, whereas the target device 100-3 is mostly used in an offline state.
  • The step of requesting and receiving conversional re-distribution permission (S530) can include steps of, in the broadcasting server 300, searching the DB for the re-distribution policy and the user authority for the content, and determining whether or not portable transmission is permitted; upon decision regarding portable transmission permission, preparing portable transmission permission; and transmitting the prepared permission to the source device 100-1.
  • In the content transmission step (S540), the source device 100-1 transmits the content, the portable tool, and the portable permission to the target device 100-3 through a wired/wireless communication means (generally, a cable). When the same tool as the received portable tool is already stored in the internal storage memory, the target device 100-3 may receive only the content and the portable permission.
  • In the content playing step, the target device 100-3 executes the received content using the portable tool and the portable permission.
  • In some embodiments, the initially provided content in the source device 100-1 may be converted into portable content in the broadcasting station server or the target device 100-3. If the content is converted in the source device 100-1, less communication is required. In this case, the content transmitted from the source device 100-1 to the target device 100-3 is portable converted (that is, downsized) content data and the source device receives a downsizing tool from the broadcasting station server 300 or the tool server 400 and converts the content.
  • While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (21)

1. A content execution device comprising:
an independent authentication unit for storing a tool necessary for executing content;
a tool agent for calling the tool stored in the independent authentication unit; and
a content execution unit for executing content data received from an external broadcasting server.
2. The content execution device of claim 1, wherein the independent authentication unit is a smart card.
3. The content execution device of claim 2, further comprising an authentication support module for providing a data communication channel between the smart card and the external broadcasting server.
4. The content execution device of claim 2, wherein the smart card comprises:
a tool storage unit for storing the tool necessary for content execution;
an authority storage unit for storing authority information on the external broadcasting server; and
an authentication module for performing mutual authentication with the external broadcasting server.
5. The content execution device of claim 1, further comprising a tool upgrading unit connected to the external broadcasting server and upgrading the tool stored in the independent authentication unit.
6. A content broadcasting service subscription method, comprising the steps of:
requesting, at a user device, a broadcasting station server for a new subscription;
transmitting information of a user smart card connected to the user device, to the broadcasting station server;
confirming, at the broadcasting station server, the received smart card information;
registering the new subscription and the smart card with the broadcasting station server;
transmitting, at the broadcasting station server, a certificate to the smart card; and
storing, at the smart card, the certificate in an internal memory.
7. The content broadcasting service subscription method of claim 6, after the certificate storing step, further comprising the steps of:
connecting, at the user device, to a tool server integrally managing at least one tool necessary for content execution, and requesting a specific tool;
verifying, at the tool server, the smart card;
transmitting, at the tool server, the specific tool to the user device; and
storing the received specific tool in the smart card.
8. A content execution method comprising the steps of:
receiving content from a broadcasting station server;
determining a tool necessary for executing the received content;
determining whether or not the necessary tool exists in a smart card;
connecting to a tool server, and requesting the tool when it does not exist in the smart card;
receiving the tool from the broadcasting station server;
storing the received tool in the smart card; and
executing the content using the tool stored in the smart card.
9. A method for re-distributing content stored in a source device to a target device, with permission from a broadcasting station server and/or a tool server, the method comprising the steps of:
checking whether or not re-distribution of the content is permitted;
transmitting the content, use tool information, and a point of the broadcasting station server to the target device;
connecting, at the target device, to the broadcasting station server and requesting permission to execute the content; and
receiving the execution permission, and playing the content.
10. The method for re-distributing content of claim 9, after the step of checking for re-distribution permission, further comprising the step of receiving authentication of the target device from the tool server.
11. The method for re-distributing content of claim 10, wherein receiving authentication step of the target device comprises the steps of:
transmitting, at the source device, an identification value of a target device to the tool server;
searching, at the tool server, a DB for the received identification value, and determining whether or not the target device holds re-distribution authority; and
transmitting the determination result to the source device.
12. The method for re-distributing content of claim 9, after the content transmitting step, further comprising the step of, in the target device, acquiring a necessary tool from the tool server.
13. A method for re-distributing content stored in a source device to a target device, with permission from a broadcasting server, the method comprising the steps of:
checking whether or not re-distribution of the content is permitted;
receiving authentication of the target device from an external broadcasting server;
transmitting the content, use tool information, and play permission information to the target device; and
playing, at the target device, the content.
14. A method for conversional re-distributing content stored in a source device, to a target device, with permission from a broadcasting station server and/or a tool server, the method comprising the steps of:
checking whether or not conversional re-distribution of the content stored in the source device is permitted;
requesting the tool server for transmission of a portable tool, and downloading the portable tool;
requesting the broadcasting station server for content conversional re-distribution permission, and receiving the permission;
transmitting content, a portable tool, and the permission to re-transmit the content to the target device; and
playing, at the target device, the content using the portable tool and the re-transmission permission.
15. The method for re-distributing content of claim 14, after the step of checking for re-distribution permission, further comprising the step of confirming whether or not the target device is a member of the same user domain to which the source device belongs.
16. A method for re-distributing content at a content device to an external target device, the method comprising the steps of:
checking whether or not re-distribution of the content is permitted;
receiving authentication of the target device from an external tool server; and
transmitting the content, use tool information, and a pointer of a broadcasting station server holding rights to the content, to the target device.
17. The method for re-distributing content of claim 16, wherein the receiving authentication step of target device comprises the steps of:
transmitting, at the content device, an identification value of the target device to the tool server; and
receiving a determination result as to whether or not the target device holds re-distribution authority, from the tool server.
18. A method for re-distributing content from an external source device at a content device, the method comprising the steps of:
receiving the content, use tool information, and a pointer of the broadcasting station server from the source device;
connecting to a broadcasting sever holding rights to the content, and requesting permission to execute the content; and
receiving execution permission, and playing the content.
19. The method for re-distributing content of claim 18, after the content transmitting step, further comprising the step of acquiring a tool corresponding to the use tool information from an external tool server.
20. A method for converting and re-distributing content at a content device to an external target device, the method comprising the steps of:
checking whether or not conversional re-distribution of the content is permitted;
requesting an external tool server for transmission of a portable tool, and downloading the portable tool;
requesting a broadcasting station server holding rights to the content for permission to convert and re-distribute the content, and receiving the permission; and
transmitting content, a portable tool, and the permission to re-transmit the content to the target device.
21. The method for re-distributing content of claim 20, after the step of checking for re-distribution permission, further comprising the step of confirming whether or not the target device is a member of the same user domain to which the source device belongs.
US11/722,215 2005-01-26 2006-01-26 Contents execution device equipped with independent authentication means and contents re-distribution method Expired - Fee Related US8151342B2 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR20050007143 2005-01-26
KR10-2005-0007143 2005-01-26
KR10-2006-0007634 2006-01-25
KR1020060007634A KR100784688B1 (en) 2005-01-26 2006-01-25 Contents Execution Device equipped with Independent Authentication Means and Contents Re-Distribution Method
PCT/KR2006/000308 WO2006080814A1 (en) 2005-01-26 2006-01-26 Contents execution device equipped with independent authentication means and contents re-distribution method

Publications (2)

Publication Number Publication Date
US20090077652A1 true US20090077652A1 (en) 2009-03-19
US8151342B2 US8151342B2 (en) 2012-04-03

Family

ID=37175661

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/722,215 Expired - Fee Related US8151342B2 (en) 2005-01-26 2006-01-26 Contents execution device equipped with independent authentication means and contents re-distribution method

Country Status (5)

Country Link
US (1) US8151342B2 (en)
EP (1) EP2309731A1 (en)
JP (1) JP2008529152A (en)
KR (1) KR100784688B1 (en)
CN (1) CN101107844B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080019288A1 (en) * 2006-07-18 2008-01-24 Samsung Electronics Co., Ltd. System and method for managing domain-state information
US20100115572A1 (en) * 2008-11-05 2010-05-06 Comcast Cable Communications, Llc System and method for providing digital content
US20120246717A1 (en) * 2011-03-22 2012-09-27 Eldon Technology Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
EP2506590A1 (en) * 2011-03-28 2012-10-03 Sony Corporation Authentication Certificates
WO2012131316A1 (en) * 2011-03-28 2012-10-04 Sony Corporation Content encryption
WO2014029825A1 (en) * 2012-08-21 2014-02-27 Strategy & Technology Limited Device authentication
US9514287B2 (en) * 2014-06-26 2016-12-06 Disney Enterprises, Inc. Automated device authorizaton and deauthorization

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7461071B2 (en) * 2005-04-04 2008-12-02 Younite, Inc. Distributed management framework for personal attributes
US8463813B2 (en) * 2007-04-12 2013-06-11 Younite, Inc. Individualized data sharing
US8321948B2 (en) * 2008-03-28 2012-11-27 Sap Ag Flexible appliance hosting with coordination of deployment, licensing and configuration
KR100968957B1 (en) * 2008-07-23 2010-07-14 주식회사 케이티 Method and terminal for confirming rights object
KR101007359B1 (en) * 2008-09-05 2011-01-13 주식회사 케이티 Security platform mounted on smart card
US8813029B2 (en) * 2012-05-24 2014-08-19 International Business Machines Corporation Remote card content management using synchronous server-side scripting
JP2014096133A (en) * 2012-10-10 2014-05-22 Ricoh Co Ltd Transmission terminal, transmission system, and program
CN103870724B (en) * 2012-12-12 2017-03-01 财团法人资讯工业策进会 Main managing device, proxy management device, electronic installation and authorization management method
KR102165764B1 (en) 2014-02-28 2020-10-14 에스케이텔레콤 주식회사 Method and apparatus for providing redistribution link
WO2017018768A1 (en) * 2015-07-25 2017-02-02 엘지전자 주식회사 Broadcast signal transmission device, broadcast signal reception device, broadcast signal transmission method, and broadcast signal reception method
US20210377018A1 (en) * 2020-05-29 2021-12-02 Electric Power Research Institute, Inc. Secure remote access to industrial control systems using hardware based authentication

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6055314A (en) * 1996-03-22 2000-04-25 Microsoft Corporation System and method for secure purchase and delivery of video content programs
US20030018582A1 (en) * 2001-07-20 2003-01-23 Yoram Yaacovi Redistribution of rights-managed content
US20030225701A1 (en) * 2002-02-28 2003-12-04 Lee Won Ha System for protecting and managing digital contents
US20040030930A1 (en) * 2001-09-12 2004-02-12 Ryosuke Nomura Content distribution system, content distribution method, and client terminal
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040086127A1 (en) * 2002-11-05 2004-05-06 Candelore Brant L. Mechanism for protecting the transfer of digital content
US7167841B2 (en) * 2000-03-30 2007-01-23 Matsushita Electric Industrial Co., Ltd. Content distributing system, content distributing service server, and community site server
US7299362B2 (en) * 2001-10-29 2007-11-20 Matsushita Electric Industrial Co., Ltd. Apparatus of a baseline DVB-CPCM
US7404082B2 (en) * 2004-09-16 2008-07-22 General Instrument Corporation System and method for providing authorized access to digital content
US7571328B2 (en) * 2005-02-01 2009-08-04 Microsoft Corporation System and method for distributing digital content over a network

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU741114B2 (en) 1997-03-21 2001-11-22 Nagra France Sas Smartcard for use with a receiver of encrypted broadcast signals, and receiver
AU5316799A (en) 1998-07-17 2000-02-07 Thomson Licensing S.A. A conditional access system for broadcast digital television
JP4025941B2 (en) * 1998-12-28 2007-12-26 ソニー株式会社 Information signal duplication control system and information output device
JP2002163141A (en) * 2000-11-28 2002-06-07 Nippon Telegr & Teleph Corp <Ntt> Advertisement-added content delivery method, system, and storage medium for advertisement-added content delivery program
JP3678164B2 (en) * 2001-04-13 2005-08-03 ソニー株式会社 Data transfer system, data transfer device, data recording device, and data transfer method
JP2003122726A (en) * 2001-06-07 2003-04-25 Hitachi Ltd Method and system for contents control, and its processing program
WO2003043310A1 (en) * 2001-09-25 2003-05-22 Thomson Licensing S.A. Ca system for broadcast dtv using multiple keys for different service providers and service areas
JP4252280B2 (en) 2001-10-29 2009-04-08 パナソニック株式会社 Baseline DVB-CPCM equipment
FR2834406A1 (en) 2001-12-28 2003-07-04 Thomson Licensing Sa METHOD FOR UPDATING A REVOCATION LIST OF NON-CONFORMING KEYS, DEVICES OR MODULES IN A SECURE CONTENT BROADCASTING SYSTEM
JP4323745B2 (en) * 2002-01-15 2009-09-02 三洋電機株式会社 Storage device
JP2003333522A (en) * 2002-05-17 2003-11-21 Victor Co Of Japan Ltd Data reproducing apparatus and data reproducing method
MXPA05007056A (en) * 2002-12-30 2005-09-12 Koninkl Philips Electronics Nv Divided rights in authorized domain.
JP4424465B2 (en) * 2003-06-09 2010-03-03 ソニー株式会社 Information device, information server, and information processing program
KR100983650B1 (en) 2003-06-27 2010-09-24 주식회사 케이티 Method for interactive data transfer based on set-top box
KR101053726B1 (en) 2003-09-17 2011-08-02 엘지전자 주식회사 Software upgrade method and device in digital broadcasting system
JP2005151347A (en) 2003-11-18 2005-06-09 Mie Television Broadcasting Co Ltd Aggregation service method and aggregation service system
KR20050063860A (en) 2003-12-23 2005-06-29 한국전자통신연구원 Method and apparatus for software transmission using digital data broadcasting

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6055314A (en) * 1996-03-22 2000-04-25 Microsoft Corporation System and method for secure purchase and delivery of video content programs
US7167841B2 (en) * 2000-03-30 2007-01-23 Matsushita Electric Industrial Co., Ltd. Content distributing system, content distributing service server, and community site server
US20030018582A1 (en) * 2001-07-20 2003-01-23 Yoram Yaacovi Redistribution of rights-managed content
US20040030930A1 (en) * 2001-09-12 2004-02-12 Ryosuke Nomura Content distribution system, content distribution method, and client terminal
US7299362B2 (en) * 2001-10-29 2007-11-20 Matsushita Electric Industrial Co., Ltd. Apparatus of a baseline DVB-CPCM
US20030225701A1 (en) * 2002-02-28 2003-12-04 Lee Won Ha System for protecting and managing digital contents
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040086127A1 (en) * 2002-11-05 2004-05-06 Candelore Brant L. Mechanism for protecting the transfer of digital content
US7404082B2 (en) * 2004-09-16 2008-07-22 General Instrument Corporation System and method for providing authorized access to digital content
US7571328B2 (en) * 2005-02-01 2009-08-04 Microsoft Corporation System and method for distributing digital content over a network

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080019288A1 (en) * 2006-07-18 2008-01-24 Samsung Electronics Co., Ltd. System and method for managing domain-state information
US20100115572A1 (en) * 2008-11-05 2010-05-06 Comcast Cable Communications, Llc System and method for providing digital content
US8644511B2 (en) * 2008-11-05 2014-02-04 Comcast Cable Communications, LLC. System and method for providing digital content
US9300662B2 (en) 2008-11-05 2016-03-29 Comcast Cable Communications, Llc System and method for providing digital content
US9218300B2 (en) * 2011-03-22 2015-12-22 Echostar Uk Holdings Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
US20120246717A1 (en) * 2011-03-22 2012-09-27 Eldon Technology Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
US9355281B2 (en) * 2011-03-22 2016-05-31 Echostar Uk Holdings Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
US9047492B2 (en) * 2011-03-22 2015-06-02 Echostar Uk Holdings Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
US20150269093A1 (en) * 2011-03-22 2015-09-24 Echostar Uk Holdings Limited Apparatus, systems and methods for securely storing media content events on a flash memory device
EP2506590A1 (en) * 2011-03-28 2012-10-03 Sony Corporation Authentication Certificates
US9294446B2 (en) 2011-03-28 2016-03-22 Sony Corporation Content encryption
WO2012131316A1 (en) * 2011-03-28 2012-10-04 Sony Corporation Content encryption
WO2014029825A1 (en) * 2012-08-21 2014-02-27 Strategy & Technology Limited Device authentication
US9514287B2 (en) * 2014-06-26 2016-12-06 Disney Enterprises, Inc. Automated device authorizaton and deauthorization

Also Published As

Publication number Publication date
KR100784688B1 (en) 2007-12-12
KR20060086304A (en) 2006-07-31
EP2309731A1 (en) 2011-04-13
JP2008529152A (en) 2008-07-31
CN101107844B (en) 2012-01-11
CN101107844A (en) 2008-01-16
US8151342B2 (en) 2012-04-03

Similar Documents

Publication Publication Date Title
US8151342B2 (en) Contents execution device equipped with independent authentication means and contents re-distribution method
US7299362B2 (en) Apparatus of a baseline DVB-CPCM
US20090044241A1 (en) Broadcasting content protection/management system
JP4856168B2 (en) Tool pack structure and content execution device
US20040139312A1 (en) Categorization of host security levels based on functionality implemented inside secure hardware
JP4854753B2 (en) Rights distribution type IPMP device messaging and multiplexing method in MPEG IPMP content
US20090313665A1 (en) Digital rights management licensing over third party networks
CN102598620A (en) Communication system, communication device, communication method, and computer program
EP2925007B1 (en) Information processing device and information processing method
CN1689361A (en) Robust and flexible digital rights management involving a tamper-resistant identity module
KR20110004333A (en) Processing recordable content in a stream
WO2006071495A2 (en) Flexible pricing model for persistent content
EP2176828A2 (en) Method for sharing content
CN101123503A (en) An encryption and decryption method for electronic file transmission in communication network
KR20110004332A (en) Processing recordable content in a stream
US9226041B2 (en) Method and device for imposing usage constraints of digital content
JP4252280B2 (en) Baseline DVB-CPCM equipment
KR101073836B1 (en) An efficient management and operation method of the license on the digtal rights management system
EP1842364A1 (en) Contents execution device equipped with independent authentication means and contents re-distribution method
CN109005427B (en) Encrypted video playing method, device and equipment and storage medium
TW200843504A (en) System and method of digital rights management
KR20110059474A (en) Method, system and computer-readable recording medium for providing personal video recording service based on network

Legal Events

Date Code Title Description
AS Assignment

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTIT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHOI, BUM SUK;JOO, SANG HYUN;LEE, HYE JOO;AND OTHERS;REEL/FRAME:019527/0143;SIGNING DATES FROM 20070521 TO 20070608

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTIT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHOI, BUM SUK;JOO, SANG HYUN;LEE, HYE JOO;AND OTHERS;SIGNING DATES FROM 20070521 TO 20070608;REEL/FRAME:019527/0143

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20160403